DaaS (Detection-as-a-Service) from BlueVoyant collects logs from applications and on-premise and/or cloud infrastructure to enable advanced threat detection. It provides the power of a SIEM without the complexity.
A better, more cost-effective solution for IT teams that lack the expertise or budget to leverage a full SIEM solution, DaaS provides correlation and analysis of disparate log data with live monitoring by 24x7 global cybersecurity operations centers. This service covers endpoints, network perimeter security, and users.
| Capability | Description |
|---|---|
| Log Collection | Software agents are deployed on devices to enable collection of logs for security event monitoring. Using BlueVoyant virtual appliances, logs are aggregated and stored within Wavelength™, the BlueVoyant client portal. |
| Security Event Monitoring | Data is filtered, normalized, correlated, and analyzed to help identify anomalous, suspicious, or malicious behaviors indicative of threats in the monitored environment. |
| Reputational Detection | Utilizing proprietary and open source threat intelligence, BlueVoyant identifies threats based upon reputation by correlating inbound and outbound network traffic to monitor for suspicious and malicious domains and IP addresses. |
| Investigation and Notification | Once a suspicious event is detected or an automatic prevention activity occurs, an alert is generated and a security operations center analyst investigates to determine whether it is a true positive, benign, or a false positive, and the client is notified. |
| Health Monitoring | BlueVoyant monitors installed endpoint agent communications using the technology platform. BlueVoyant monitors log sources and generates an alert when a log source’s output has not been received in a specified interval. |
| Log Retention and Archiving | All log data collected is stored for a period of 30 days for security event analysis and retained in archive storage for a period of one year, or as uniquely specified. |
| Indicator Enrichment | Indicators of compromise associated with detections within the monitored environment are automatically extracted, scored, and enriched leveraging open source and proprietary Threat Intelligence. Enriched indicators, assigned a reputation and classification, are visible within Wavelength™. |
- Data collection and analysis
- Infrastructure hosting, monitoring, patching and upgrades
- Health monitoring to ensure log collection and environment visibility
- Automation and orchestration of data
- Compliance documentation and reporting
SIEM-Like Protection with Real Transparency
Clients can observe, in real time, how BlueVoyant's security analysts are keeping their enterprise safe, 24/7. With DaaS, clients can see more through a single pane of glass, enabling greater insights. They can break down incomplete and siloed data into an integrated view to prioritize improvements.
Security Event Monitoring
Detect potential threat actors based upon reputation established by correlating inbound and outbound network traffic and monitoring of suspicious and malicious domains and IP addresses.
Investigation and Notification
Automatic alerts are generated for the SOC, where security analysts investigate triggering events to confirm threat actor behavior. Notifications are tailored to the client’s preference and recorded in Wavelength™.
Leverage Splunk® Enterprise Platform
As a component of the BlueVoyant Platform, Splunk® Enterprise is used to enable log collection, detect threat actors, and facilitate analysis.
Prevent And Remediate
As part of BlueVoyant's commitment to democratizing cybersecurity, BlueVoyant’s services are designed to be layered; however, each service offering provides significant value as a stand-alone solution. MDR+ adds remote breach prevention and remediation services for endpoints.
- Detect security events with best-of-breed Next Generation Antivirus (NGAV) and Endpoint Detection and Response (EDR) solutions.
- Block and contain security events automatically.
- Remediate endpoint incidents and apply proactive Threat Hunting - led by BlueVoyant's investigators and cyber.
- Receive cyber event remediation and a report on how to improve your security posture.
Robust, Relevant, and Right-Sized Cybersecurity Options for Businesses of All Sizes
As part of BlueVoyant's commitment to democratizing cybersecurity, BlueVoyant’s services are designed to be mutually reinforcing but also provide significant value as stand-alone solutions. Many clients choose additional services that are designed to work together to enhance and strengthen their security posture; this decision is generally based upon the size and expertise level of their IT staff. The addition of BlueVoyant's Managed Detection and Response (MDR+) service adds protection to your DaaS - no longer just detecting, but protecting your enterprise.